Monthly Archives: August 2013

Active Directory Friday: List password information for Domain Administrators

In today’s Active Directory Friday we touch on the security of Domain Administrator accounts. Although this should not be overlooked, it is not uncommon for the passwords of these accounts to remain unchanged for a long period of time.

To find the members of the Domain Admins group we can use the following LDAP filter:

"(memberof=CN=Domain Admins,CN=Users,DC=jaapbrasser,DC=com)"

Then, for each account found, a PowerShell custom object is created with the following three properties:

  • Samaccountname
  • PasswordAge
  • Account Enabled

Combining all these statements, the complete code is as follows:

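$Searcher = New-Object DirectoryServices.DirectorySearcher -Property @{
    Filter = "(memberof=CN=Domain Admins,CN=Users,DC=jaapbrasser,DC=com)"
    PageSize = 500
}
# For each member, emit an object with the account name, password-set time and enabled state
$Searcher.FindAll() | ForEach-Object {
    New-Object -TypeName PSCustomObject -Property @{
        samaccountname = $_.Properties.samaccountname -join ''
        # pwdLastSet is stored as a Windows FILETIME value
        pwdlastset = [datetime]::FromFileTime([int64]($_.Properties.pwdlastset -join ''))
        # The 0x2 flag of userAccountControl (ACCOUNTDISABLE) is set on disabled accounts
        enabled = -not [boolean]([int64]($_.Properties.useraccountcontrol -join '') -band 2)
    }
}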
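The following is an added example, not code from the original post: it turns the raw pwdLastSet and userAccountControl values into a password age in days and a review flag, and goes slightly beyond the post by handling pwdLastSet = 0 and the DONT_EXPIRE_PASSWORD flag (0x10000). The function name Get-AdminPasswordReport, the 90-day threshold and the sample records are assumptions made for illustration.

```powershell
# Added example (PowerShell 3.0+). The records below are constructed sample data,
# shaped like the attribute values DirectorySearcher returns; they are not real accounts.
$AsOf = [datetime]'2013-08-30'
$SampleRecords = @(
    @{ samaccountname = 'adm-alice'; useraccountcontrol = 512
       pwdlastset = ([datetime]'2013-07-01').ToFileTime() }
    @{ samaccountname = 'adm-bob';   useraccountcontrol = 66048   # 512 + 0x10000
       pwdlastset = ([datetime]'2011-02-14').ToFileTime() }
    @{ samaccountname = 'adm-carol'; useraccountcontrol = 514     # 512 + 0x2
       pwdlastset = ([datetime]'2012-11-05').ToFileTime() }
    @{ samaccountname = 'adm-dave';  useraccountcontrol = 512
       pwdlastset = 0 }
)

function Get-AdminPasswordReport {
    param(
        [Parameter(Mandatory)] [object[]] $Record,
        [int] $MaxAgeDays = 90,            # assumed review threshold, adjust to policy
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($r in $Record) {
        $uac = [int64]($r.useraccountcontrol -join '')
        $raw = [int64]($r.pwdlastset -join '')
        # pwdLastSet = 0 means no usable timestamp (password must be changed at next
        # logon); FromFileTime(0) would otherwise report a date in the year 1601.
        $lastSet = if ($raw -gt 0) { [datetime]::FromFileTime($raw) } else { $null }
        $age = if ($null -ne $lastSet) {
            [int][math]::Floor(($AsOf - $lastSet).TotalDays)
        } else { $null }
        [pscustomobject]@{
            SamAccountName       = $r.samaccountname -join ''
            PasswordLastSet      = $lastSet
            PasswordAgeDays      = $age
            Enabled              = -not [bool]($uac -band 0x2)      # ACCOUNTDISABLE
            PasswordNeverExpires = [bool]($uac -band 0x10000)       # DONT_EXPIRE_PASSWORD
            NeedsReview          = ($null -eq $age) -or ($age -gt $MaxAgeDays)
        }
    }
}

Get-AdminPasswordReport -Record $SampleRecords -AsOf $AsOf |
    Sort-Object PasswordAgeDays -Descending | Format-Table -AutoSize
```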

Active Directory Friday: Get DistinguishedName of current domain

To determine the DistinguishedName of the current domain the [adsi] accelerator can be utilized. The following piece of code can be used to retrieve the DN of the current domain:

New-Object -TypeName System.DirectoryServices.DirectoryEntry |
Select -ExpandProperty distinguishedName

Alternatively the [adsi] accelerator can be utilized for this purpose, as this requires less code and it is easier to remember:


The value returned by this line of code is a System.DirectoryServices.PropertyValueCollection instead of a string object. To unwrap it, the following code can be used:


Now the object returned is a string and the methods and properties of a string object are available, so it is possible to manipulate the output, for example by doing a text replace:


Note that in PowerShell v3 and up it is not required to unwrap the array, as the Member Enumeration feature of PowerShell will ensure that the methods and properties of underlying objects in an array are available, as demonstrated in the following line of code:


New article on PowerShell Magazine: Using the System.Windows.Forms.FolderBrowserDialog Class

I have been using some of the default graphic interfaces that are provided by the System.Windows.Forms Class in my scripts. The FolderBrowserDialog class can be used to create a dialog box that allows a user to select a folder, which can in turn be used in your script. I wrote an article on this for PowerShell Magazine; you can check it out here:



Dutch PowerShell User Group in Amsterdam, 12th of September

As a board member of the Dutch PowerShell User Group I am happy to announce that we will be holding our next meeting in exactly one month's time. The details as specified on our website:

We are pleased to inform you that the evening of PowerShell will be held as below, following our successful 2nd Dutch PowerShell User Group meetup last June. We changed the format of this meetup to take place in the evening. Parking is available nearby and the venue is located next to Amsterdam Zuid train station.
In this meeting all sessions will be in English.

For more information please visit or participate in the discussions on Twitter, @Dupsug or in our LinkedIn group discussions:

Tickets are available via EventBrite:


New article on PowerShell Magazine: Using the System.Windows.Forms.OpenFileDialog Class

The System.Windows.Forms.OpenFileDialog Class can be used to create a dialog which allows a user to select a single file or multiple files. This allows for a quick method of user interaction with a script. The selected file or list of files is returned as an object to the script and can be used for further automation.

To read more on this subject head over to my article on PowerShell Magazine: